You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by mg...@apache.org on 2012/03/05 10:07:54 UTC
git commit: Use SecurePackageResourceGuard as default. Improve
Packages#absolutePath(). Use IPackageResourceGuard.accept() for each call of
PackageResource#getResourceStream()
Updated Branches:
refs/heads/wicket-1.4.x 189359078 -> aebab524c
Use SecurePackageResourceGuard as default.
Improve Packages#absolutePath().
Use IPackageResourceGuard.accept() for each call of PackageResource#getResourceStream()
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/aebab524
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/aebab524
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/aebab524
Branch: refs/heads/wicket-1.4.x
Commit: aebab524c15c09ec1195ee157584aa4f5eec31b6
Parents: 1893590
Author: martin-g <mg...@apache.org>
Authored: Mon Mar 5 11:06:46 2012 +0200
Committer: martin-g <mg...@apache.org>
Committed: Mon Mar 5 11:06:46 2012 +0200
----------------------------------------------------------------------
pom.xml | 6 ++
.../velocity/VelocityTemplateApplication.java | 10 ++-
wicket/pom.xml | 4 +
.../apache/wicket/markup/html/PackageResource.java | 64 +++++++-------
.../markup/html/SecurePackageResourceGuard.java | 30 ++++++-
.../java/org/apache/wicket/settings/Settings.java | 5 +-
.../wicket/util/file/WebApplicationPath.java | 12 +++-
.../java/org/apache/wicket/util/lang/Packages.java | 7 +-
.../resource/locator/ResourceStreamLocator.java | 29 ++++++-
.../org/apache/wicket/SharedResourceUrlTest.java | 17 ++--
.../html/SecurePackageResourceGuardTest.java | 31 ++++---
.../html/link/AutolinkPageExpectedResult_2.html | 2 +-
.../wicket/util/file/WebApplicationPathTest.java | 58 +++++++++++++
.../org/apache/wicket/util/lang/PackagesTest.java | 66 +++++++++++++++
.../wicket/util/tester/WicketTesterTest.java | 26 +++---
15 files changed, 289 insertions(+), 78 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 69fc06d..418b558 100644
--- a/pom.xml
+++ b/pom.xml
@@ -502,6 +502,12 @@
<scope>provided</scope>
<optional>true</optional>
</dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
+ <version>1.8.5</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</dependencyManagement>
<dependencies>
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket-examples/src/main/java/org/apache/wicket/examples/velocity/VelocityTemplateApplication.java
----------------------------------------------------------------------
diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/velocity/VelocityTemplateApplication.java b/wicket-examples/src/main/java/org/apache/wicket/examples/velocity/VelocityTemplateApplication.java
index 3087bf9..b36e1c9 100644
--- a/wicket-examples/src/main/java/org/apache/wicket/examples/velocity/VelocityTemplateApplication.java
+++ b/wicket-examples/src/main/java/org/apache/wicket/examples/velocity/VelocityTemplateApplication.java
@@ -22,6 +22,8 @@ import java.util.List;
import org.apache.velocity.app.Velocity;
import org.apache.wicket.Page;
import org.apache.wicket.WicketRuntimeException;
+import org.apache.wicket.markup.html.IPackageResourceGuard;
+import org.apache.wicket.markup.html.SecurePackageResourceGuard;
import org.apache.wicket.protocol.http.WebApplication;
/**
@@ -92,7 +94,13 @@ public class VelocityTemplateApplication extends WebApplication
protected void init()
{
getDebugSettings().setDevelopmentUtilitiesEnabled(true);
-
+ IPackageResourceGuard packageResourceGuard = getResourceSettings().getPackageResourceGuard();
+ if (packageResourceGuard instanceof SecurePackageResourceGuard)
+ {
+ SecurePackageResourceGuard guard = (SecurePackageResourceGuard)packageResourceGuard;
+ // allow velocity macros resources
+ guard.addPattern("+*.vm");
+ }
// initialize velocity
try
{
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/pom.xml
----------------------------------------------------------------------
diff --git a/wicket/pom.xml b/wicket/pom.xml
index 5ef39c5..3059ed9 100644
--- a/wicket/pom.xml
+++ b/wicket/pom.xml
@@ -46,6 +46,10 @@
<scope>provided</scope>
<optional>true</optional>
</dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
+ </dependency>
</dependencies>
<build>
<plugins>
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/main/java/org/apache/wicket/markup/html/PackageResource.java
----------------------------------------------------------------------
diff --git a/wicket/src/main/java/org/apache/wicket/markup/html/PackageResource.java b/wicket/src/main/java/org/apache/wicket/markup/html/PackageResource.java
index 0bb5ddf..a29117f 100644
--- a/wicket/src/main/java/org/apache/wicket/markup/html/PackageResource.java
+++ b/wicket/src/main/java/org/apache/wicket/markup/html/PackageResource.java
@@ -504,13 +504,6 @@ public class PackageResource extends WebResource implements IModifiable, IPackag
// Convert resource path to absolute path relative to base package
absolutePath = Packages.absolutePath(scope, path);
- if (!accept(scope, path))
- {
- throw new PackageResourceBlockedException(
- "Access denied to (static) package resource " + absolutePath +
- ". See IPackageResourceGuard");
- }
-
scopeName = scope.getName();
this.path = path;
this.locale = locale;
@@ -603,6 +596,37 @@ public class PackageResource extends WebResource implements IModifiable, IPackag
}
}
+ Class<?> realScope = getScope();
+ String realPath = absolutePath;
+ if (resourceStream instanceof IFixedLocationResourceStream)
+ {
+ realPath = ((IFixedLocationResourceStream)resourceStream).locationAsString();
+ if (realPath != null)
+ {
+ int index = realPath.indexOf(absolutePath);
+ if (index != -1)
+ {
+ realPath = realPath.substring(index);
+ }
+ else
+ {
+ // TODO just fall back on the full path without a scope..
+ realScope = null;
+ }
+ }
+ else
+ {
+ realPath = absolutePath;
+ }
+ }
+
+ if (accept(realScope, realPath) == false)
+ {
+ throw new PackageResourceBlockedException(
+ "Access denied to (static) package resource " + absolutePath +
+ ". See IPackageResourceGuard");
+ }
+
locale = resourceStream.getLocale();
if (resourceStream != null)
@@ -668,31 +692,7 @@ public class PackageResource extends WebResource implements IModifiable, IPackag
.getResourceSettings()
.getPackageResourceGuard();
- String realPath = path;
- IResourceStream resourceStream = Application.get()
- .getResourceSettings()
- .getResourceStreamLocator()
- .locate(getScope(), absolutePath, style, locale, null);
- if (resourceStream instanceof IFixedLocationResourceStream)
- {
- realPath = ((IFixedLocationResourceStream)resourceStream).locationAsString();
- if (realPath != null)
- {
- int index = realPath.indexOf(path);
- if (index != -1)
- {
- realPath = realPath.substring(index);
- }
- else
- // TODO just fall back on the full path without a scope..
- return guard.accept(null, realPath);
- }
- else
- {
- realPath = path;
- }
- }
- return guard.accept(scope, realPath);
+ return guard.accept(scope, path);
}
@Override
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java
----------------------------------------------------------------------
diff --git a/wicket/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java b/wicket/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java
index c553f32..71c63b6 100644
--- a/wicket/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java
+++ b/wicket/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java
@@ -20,6 +20,7 @@ import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
+import java.util.concurrent.ConcurrentMap;
import java.util.regex.Pattern;
import org.apache.wicket.settings.IResourceSettings;
@@ -80,16 +81,38 @@ public class SecurePackageResourceGuard extends PackageResourceGuard
private List<SearchPattern> pattern = new ArrayList<SearchPattern>();
/** A cache to speed up the checks */
- private final ConcurrentHashMap<String, Boolean> cache;
+ private final ConcurrentMap<String, Boolean> cache;
/**
- * Construct.
+ * Constructor.
*/
public SecurePackageResourceGuard()
{
- cache = newCache();
+ this(new SimpleCache(100));
}
+ public SecurePackageResourceGuard(ConcurrentMap<String, Boolean> cache)
+ {
+ this.cache = cache;
+
+ // the order is important for better performance
+ // first add the most commonly used
+ addPattern("+*.js");
+ addPattern("+*.css");
+ addPattern("+*.png");
+ addPattern("+*.jpg");
+ addPattern("+*.jpeg");
+ addPattern("+*.gif");
+ addPattern("+*.ico");
+
+ // WICKET-208 non page templates may be served
+ addPattern("+*.html");
+
+ addPattern("+*.txt");
+ addPattern("+*.swf");
+ addPattern("+*.bmp");
+ }
+
/**
* Get a new cache implementation. Subclasses may return null to disable caching. More advanced
* caches (e.h. ehcache) should be used in production environments to limit the size and remove
@@ -97,6 +120,7 @@ public class SecurePackageResourceGuard extends PackageResourceGuard
*
* @return the cache implementation
*/
+ @Deprecated
public ConcurrentHashMap<String, Boolean> newCache()
{
return new SimpleCache(100);
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/main/java/org/apache/wicket/settings/Settings.java
----------------------------------------------------------------------
diff --git a/wicket/src/main/java/org/apache/wicket/settings/Settings.java b/wicket/src/main/java/org/apache/wicket/settings/Settings.java
index 0d58547..06c47b4 100644
--- a/wicket/src/main/java/org/apache/wicket/settings/Settings.java
+++ b/wicket/src/main/java/org/apache/wicket/settings/Settings.java
@@ -42,7 +42,7 @@ import org.apache.wicket.markup.IMarkupParserFactory;
import org.apache.wicket.markup.MarkupCache;
import org.apache.wicket.markup.MarkupParserFactory;
import org.apache.wicket.markup.html.IPackageResourceGuard;
-import org.apache.wicket.markup.html.PackageResourceGuard;
+import org.apache.wicket.markup.html.SecurePackageResourceGuard;
import org.apache.wicket.markup.html.form.persistence.CookieValuePersisterSettings;
import org.apache.wicket.markup.html.pages.BrowserInfoPage;
import org.apache.wicket.markup.resolver.AutoComponentResolver;
@@ -205,7 +205,8 @@ public final class Settings
private final Map<String, IResourceFactory> nameToResourceFactory = new HashMap<String, IResourceFactory>();
/** The package resource guard. */
- private IPackageResourceGuard packageResourceGuard = new PackageResourceGuard();
+ private IPackageResourceGuard packageResourceGuard = new SecurePackageResourceGuard(
+ new SecurePackageResourceGuard.SimpleCache(100));
/** The error page displayed when an expired page is accessed. */
private WeakReference<Class<? extends Page>> pageExpiredErrorPage;
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/main/java/org/apache/wicket/util/file/WebApplicationPath.java
----------------------------------------------------------------------
diff --git a/wicket/src/main/java/org/apache/wicket/util/file/WebApplicationPath.java b/wicket/src/main/java/org/apache/wicket/util/file/WebApplicationPath.java
index 7be009f..452e658 100644
--- a/wicket/src/main/java/org/apache/wicket/util/file/WebApplicationPath.java
+++ b/wicket/src/main/java/org/apache/wicket/util/file/WebApplicationPath.java
@@ -92,8 +92,12 @@ public final class WebApplicationPath implements IResourcePath
*
* @see org.apache.wicket.util.file.IResourceFinder#find(Class, String)
*/
- public IResourceStream find(final Class<?> clazz, final String pathname)
+ public IResourceStream find(final Class<?> clazz, String pathname)
{
+ while (pathname.startsWith("/"))
+ {
+ pathname = pathname.substring(1);
+ }
Iterator<Folder> foldersIter = folders.iterator();
while (foldersIter.hasNext())
{
@@ -138,4 +142,10 @@ public final class WebApplicationPath implements IResourcePath
return "[folders = " + StringList.valueOf(folders) + ", webapppaths: " +
StringList.valueOf(webappPaths) + "]";
}
+
+ /* package private for test in 1.4 only */
+ final void addToWebPath(String path)
+ {
+ webappPaths.add(path);
+ }
}
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/main/java/org/apache/wicket/util/lang/Packages.java
----------------------------------------------------------------------
diff --git a/wicket/src/main/java/org/apache/wicket/util/lang/Packages.java b/wicket/src/main/java/org/apache/wicket/util/lang/Packages.java
index 0d5601c..baef04c 100644
--- a/wicket/src/main/java/org/apache/wicket/util/lang/Packages.java
+++ b/wicket/src/main/java/org/apache/wicket/util/lang/Packages.java
@@ -16,7 +16,6 @@
*/
package org.apache.wicket.util.lang;
-import org.apache.wicket.util.string.IStringIterator;
import org.apache.wicket.util.string.StringList;
/**
@@ -87,10 +86,10 @@ public final class Packages
final StringList folders = StringList.tokenize(relativePath, "/\\");
// Iterate through folders
- for (final IStringIterator iterator = folders.iterator(); iterator.hasNext();)
+ for (int i = 0, size = folders.size(); i < size; i++)
{
// Get next folder
- final String folder = iterator.next();
+ final String folder = folders.get(i);
// Up one?
if ("..".equals(folder))
@@ -105,7 +104,7 @@ public final class Packages
throw new IllegalArgumentException("Invalid path " + relativePath);
}
}
- else
+ else if (absolutePath.size() <= i || absolutePath.get(i).equals(folder) == false)
{
// Add to stack
absolutePath.add(folder);
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/main/java/org/apache/wicket/util/resource/locator/ResourceStreamLocator.java
----------------------------------------------------------------------
diff --git a/wicket/src/main/java/org/apache/wicket/util/resource/locator/ResourceStreamLocator.java b/wicket/src/main/java/org/apache/wicket/util/resource/locator/ResourceStreamLocator.java
index 96fe514..ca75b86 100644
--- a/wicket/src/main/java/org/apache/wicket/util/resource/locator/ResourceStreamLocator.java
+++ b/wicket/src/main/java/org/apache/wicket/util/resource/locator/ResourceStreamLocator.java
@@ -23,6 +23,7 @@ import org.apache.wicket.Application;
import org.apache.wicket.util.file.IResourceFinder;
import org.apache.wicket.util.resource.IResourceStream;
import org.apache.wicket.util.resource.UrlResourceStream;
+import org.apache.wicket.util.string.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -114,7 +115,7 @@ public class ResourceStreamLocator implements IResourceStreamLocator
{
// Try the various combinations of style, locale and extension to find
// the resource.
- ResourceNameIterator iter = new ResourceNameIterator(path, style, locale, extension);
+ ResourceNameIterator iter = newResourceNameIterator(path, style, locale, extension);
while (iter.hasNext())
{
String newPath = iter.next();
@@ -130,6 +131,32 @@ public class ResourceStreamLocator implements IResourceStreamLocator
return null;
}
+ private ResourceNameIterator newResourceNameIterator(String path, String style, Locale locale,
+ String extension)
+ {
+ final String realPath;
+ final String realExtension;
+
+ if ((extension == null) && (path != null) && (path.indexOf('.') != -1))
+ {
+ realPath = Strings.beforeLast(path, '.');
+ // for extensions with separator take the first extension
+ realExtension = Strings.afterLast(path, '.');
+ if (realExtension.indexOf(',') > -1)
+ {
+ // multiple extensions are not allowed in the path parameter
+ return new EmptyResourceNameIterator();
+ }
+ }
+ else
+ {
+ realPath = path;
+ realExtension = extension;
+ }
+
+ return new ResourceNameIterator(realPath, style, locale, realExtension);
+ }
+
/**
* Search the the resource my means of the various classloaders available
*
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/test/java/org/apache/wicket/SharedResourceUrlTest.java
----------------------------------------------------------------------
diff --git a/wicket/src/test/java/org/apache/wicket/SharedResourceUrlTest.java b/wicket/src/test/java/org/apache/wicket/SharedResourceUrlTest.java
index b263385..a2a6dbd 100644
--- a/wicket/src/test/java/org/apache/wicket/SharedResourceUrlTest.java
+++ b/wicket/src/test/java/org/apache/wicket/SharedResourceUrlTest.java
@@ -68,7 +68,8 @@ public class SharedResourceUrlTest extends WicketTestCase
rr = new ResourceReference(SharedResourceUrlTest.class, "test");
url = cycle.urlFor(rr, new ValueMap("param=value", ""));
- assertEquals("resources/org.apache.wicket.SharedResourceUrlTest/test?param=value", url.toString());
+ assertEquals("resources/org.apache.wicket.SharedResourceUrlTest/test?param=value",
+ url.toString());
}
public void testResourceReferenceUrl_SessionLocale() throws Exception
@@ -77,13 +78,13 @@ public class SharedResourceUrlTest extends WicketTestCase
WebRequestCycle cycle = tester.createRequestCycle();
Session.get().setLocale(Locale.GERMANY);
- ResourceReference rr = new ResourceReference(Application.class, "test", true, false);
+ ResourceReference rr = new ResourceReference(Application.class, "test.css", true, false);
CharSequence url = cycle.urlFor(rr);
- assertEquals("resources/org.apache.wicket.Application/test_de_DE", url.toString());
+ assertEquals("resources/org.apache.wicket.Application/test_de_DE.css", url.toString());
Session.get().setLocale(Locale.US);
url = cycle.urlFor(rr);
- assertEquals("resources/org.apache.wicket.Application/test_en_US", url.toString());
+ assertEquals("resources/org.apache.wicket.Application/test_en_US.css", url.toString());
}
/**
@@ -115,19 +116,19 @@ public class SharedResourceUrlTest extends WicketTestCase
tester.setupRequestAndResponse();
WebRequestCycle cycle = tester.createRequestCycle();
- ResourceReference rr = new ResourceReference(Application.class, "test", true, true);
+ ResourceReference rr = new ResourceReference(Application.class, "test.css", true, true);
Session.get().setLocale(Locale.GERMANY);
CharSequence url = cycle.urlFor(rr);
- assertEquals("resources/org.apache.wicket.Application/test_de_DE", url.toString());
+ assertEquals("resources/org.apache.wicket.Application/test_de_DE.css", url.toString());
Session.get().setStyle("foo");
url = cycle.urlFor(rr);
- assertEquals("resources/org.apache.wicket.Application/test_foo_de_DE", url.toString());
+ assertEquals("resources/org.apache.wicket.Application/test_foo_de_DE.css", url.toString());
Session.get().setStyle("bar");
Session.get().setLocale(Locale.US);
url = cycle.urlFor(rr);
- assertEquals("resources/org.apache.wicket.Application/test_bar_en_US", url.toString());
+ assertEquals("resources/org.apache.wicket.Application/test_bar_en_US.css", url.toString());
}
/**
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java
----------------------------------------------------------------------
diff --git a/wicket/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java b/wicket/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java
index e36aac5..0def5f2 100644
--- a/wicket/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java
+++ b/wicket/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java
@@ -24,12 +24,19 @@ import org.apache.wicket.WicketTestCase;
*/
public class SecurePackageResourceGuardTest extends WicketTestCase
{
+ private SecurePackageResourceGuard newGuard()
+ {
+ SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ guard.getPattern().clear();
+ return guard;
+ }
+
/**
*
*/
public void test_accept()
{
- SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ SecurePackageResourceGuard guard = newGuard();
guard.addPattern("+*.gif");
assertTrue(guard.accept(Application.class, "test.gif"));
assertTrue(guard.accept(Application.class, "mydir/test.gif"));
@@ -56,7 +63,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
*/
public void test_acceptAbsolutePath()
{
- SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ SecurePackageResourceGuard guard = newGuard();
guard.addPattern("+*.gif");
assertTrue(guard.acceptAbsolutePath("test.gif"));
assertTrue(guard.acceptAbsolutePath("mydir/test.gif"));
@@ -68,7 +75,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
*/
public void test_fileOnly()
{
- SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ SecurePackageResourceGuard guard = newGuard();
guard.addPattern("+**.gif");
guard.addPattern("+*.gif*");
guard.addPattern("+*.gi*");
@@ -94,7 +101,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
*/
public void test_withDirectory()
{
- SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ SecurePackageResourceGuard guard = newGuard();
guard.addPattern("+mydir/*/*.gif");
assertFalse(guard.acceptAbsolutePath("test.gif"));
@@ -109,7 +116,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
*/
public void test_1()
{
- SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ SecurePackageResourceGuard guard = newGuard();
guard.addPattern("+mydir/**/*.gif");
assertFalse(guard.acceptAbsolutePath("test.gif"));
@@ -124,7 +131,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
*/
public void test_2()
{
- SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ SecurePackageResourceGuard guard = newGuard();
guard.addPattern("+*my*dir*/*/*.gif");
assertFalse(guard.acceptAbsolutePath("test.gif"));
@@ -142,7 +149,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
*/
public void test_3()
{
- SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ SecurePackageResourceGuard guard = newGuard();
guard.addPattern("+mydir**/*X/*.gif");
assertFalse(guard.acceptAbsolutePath("test.gif"));
@@ -160,7 +167,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
*/
public void test_4()
{
- SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ SecurePackageResourceGuard guard = newGuard();
guard.addPattern("+mydir/**/xxx/**/*.gif");
assertFalse(guard.acceptAbsolutePath("test.gif"));
@@ -186,7 +193,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
*/
public void test_5()
{
- SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ SecurePackageResourceGuard guard = newGuard();
guard.addPattern("+/**/*.gif");
assertFalse(guard.acceptAbsolutePath("test.gif"));
@@ -202,7 +209,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
*/
public void test_6()
{
- SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ SecurePackageResourceGuard guard = newGuard();
guard.addPattern("+**/*.gif");
assertTrue(guard.acceptAbsolutePath("test.gif"));
@@ -217,7 +224,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
*/
public void test_7()
{
- SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ SecurePackageResourceGuard guard = newGuard();
guard.addPattern("+*/*.gif");
assertFalse(guard.acceptAbsolutePath("test.gif"));
@@ -232,7 +239,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
*/
public void test_8()
{
- SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ SecurePackageResourceGuard guard = newGuard();
guard.addPattern("+/*/*.gif");
assertFalse(guard.acceptAbsolutePath("test.gif"));
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/test/java/org/apache/wicket/markup/html/link/AutolinkPageExpectedResult_2.html
----------------------------------------------------------------------
diff --git a/wicket/src/test/java/org/apache/wicket/markup/html/link/AutolinkPageExpectedResult_2.html b/wicket/src/test/java/org/apache/wicket/markup/html/link/AutolinkPageExpectedResult_2.html
index 9fb160b..409ff1e 100644
--- a/wicket/src/test/java/org/apache/wicket/markup/html/link/AutolinkPageExpectedResult_2.html
+++ b/wicket/src/test/java/org/apache/wicket/markup/html/link/AutolinkPageExpectedResult_2.html
@@ -26,7 +26,7 @@
<a href="?wicket:bookmarkablePage=:org.apache.wicket.markup.html.link.subdir.Page1">Home</a>
<link href="resources/org.apache.wicket.markup.html.link.AutolinkPage_2/test_myStyle.css"/>
<a href="/root/test.html">Home</a>
-<a href="org/apache/wicket/markup/html/link/Page1.html">Home</a>
+<a href="?wicket:bookmarkablePage=:org.apache.wicket.markup.html.link.Page1">Home</a>
<a href="http://www.google.com">Google</a>
</body>
</html>
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/test/java/org/apache/wicket/util/file/WebApplicationPathTest.java
----------------------------------------------------------------------
diff --git a/wicket/src/test/java/org/apache/wicket/util/file/WebApplicationPathTest.java b/wicket/src/test/java/org/apache/wicket/util/file/WebApplicationPathTest.java
new file mode 100644
index 0000000..58fa3f0
--- /dev/null
+++ b/wicket/src/test/java/org/apache/wicket/util/file/WebApplicationPathTest.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.util.file;
+
+import java.net.URL;
+
+import javax.servlet.ServletContext;
+
+import org.apache.wicket.util.resource.IResourceStream;
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Matchers;
+import org.mockito.Mockito;
+
+/**
+ * @since 1.5.5
+ */
+public class WebApplicationPathTest extends Assert
+{
+ @Test
+ public void doNotServeResourcesFromWebInfEvenIfRootIsAdded() throws Exception
+ {
+ URL webUrl = new URL("file://dummyFile");
+
+ ServletContext context = Mockito.mock(ServletContext.class);
+ Class<String> scope = String.class;
+ Mockito.when(context.getResource(Matchers.any(scope))).thenReturn(webUrl);
+
+ WebApplicationPath path = new WebApplicationPath(context);
+ path.addToWebPath("/");
+ IResourceStream resourceStream = path.find(scope, "WEB-INF/web.xml");
+ assertNull(resourceStream);
+
+ IResourceStream resourceStreamWithLeadingSlash = path.find(scope, "/WEB-INF/web.xml");
+ assertNull(resourceStreamWithLeadingSlash);
+
+ IResourceStream otherResourceStream = path.find(scope, "any/other/resource");
+ assertNotNull(otherResourceStream);
+ IResourceStream otherResourceStreamWithLeadingSlash = path.find(scope,
+ "/any/other/resource");
+ assertNotNull(otherResourceStreamWithLeadingSlash);
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/test/java/org/apache/wicket/util/lang/PackagesTest.java
----------------------------------------------------------------------
diff --git a/wicket/src/test/java/org/apache/wicket/util/lang/PackagesTest.java b/wicket/src/test/java/org/apache/wicket/util/lang/PackagesTest.java
new file mode 100644
index 0000000..ba1eaa1
--- /dev/null
+++ b/wicket/src/test/java/org/apache/wicket/util/lang/PackagesTest.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.util.lang;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * @since 1.4.20
+ */
+public class PackagesTest extends Assert
+{
+ @Test
+ public void absolutePath1() throws Exception
+ {
+ String packageName = "org.apache.wicket.util.tester";
+ String relativePath = "org/apache/wicket/util/tester/BlockedResourceLinkPage.html";
+
+ String absolutePath = Packages.absolutePath(packageName, relativePath);
+ assertEquals(relativePath, absolutePath);
+ }
+
+ @Test
+ public void absolutePath2() throws Exception
+ {
+ String packageName = "org.apache.wicket.util";
+ String relativePath = "tester/BlockedResourceLinkPage.html";
+
+ String absolutePath = Packages.absolutePath(packageName, relativePath);
+ assertEquals("org/apache/wicket/util/tester/BlockedResourceLinkPage.html", absolutePath);
+ }
+
+ @Test
+ public void absolutePath3() throws Exception
+ {
+ String packageName = "org.apache.wicket.util";
+ String relativePath = "wicket/BlockedResourceLinkPage.html";
+
+ String absolutePath = Packages.absolutePath(packageName, relativePath);
+ assertEquals("org/apache/wicket/util/wicket/BlockedResourceLinkPage.html", absolutePath);
+ }
+
+ @Test
+ public void absolutePath4() throws Exception
+ {
+ String packageName = "org.apache.wicket.util";
+ String relativePath = "../../BlockedResourceLinkPage.html";
+
+ String absolutePath = Packages.absolutePath(packageName, relativePath);
+ assertEquals("org/apache/BlockedResourceLinkPage.html", absolutePath);
+ }
+}
http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/test/java/org/apache/wicket/util/tester/WicketTesterTest.java
----------------------------------------------------------------------
diff --git a/wicket/src/test/java/org/apache/wicket/util/tester/WicketTesterTest.java b/wicket/src/test/java/org/apache/wicket/util/tester/WicketTesterTest.java
index 2679ccc..a2b22be 100644
--- a/wicket/src/test/java/org/apache/wicket/util/tester/WicketTesterTest.java
+++ b/wicket/src/test/java/org/apache/wicket/util/tester/WicketTesterTest.java
@@ -35,7 +35,6 @@ import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.markup.html.AjaxLink;
import org.apache.wicket.authorization.Action;
import org.apache.wicket.authorization.IAuthorizationStrategy;
-import org.apache.wicket.markup.html.PackageResource.PackageResourceBlockedException;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.Button;
@@ -432,7 +431,7 @@ public class WicketTesterTest extends TestCase
}
/**
- *
+ *
*/
public void testAssertComponentOnAjaxResponse()
{
@@ -679,7 +678,7 @@ public class WicketTesterTest extends TestCase
}
/**
- *
+ *
*/
public void testRedirectWithPageParameters()
{
@@ -705,16 +704,17 @@ public class WicketTesterTest extends TestCase
*/
public void testClickResourceLink()
{
- try
- {
- tester.startPage(BlockedResourceLinkPage.class);
- fail("Accessing " + BlockedResourceLinkPage.class + " should have raised a " +
- PackageResourceBlockedException.class);
- }
- catch (PackageResourceBlockedException e)
- {
-
- }
+ /*
+ * With the changes in PackageResource that no longer check the resource guard in the
+ * constructor but in getResourceStream, this can no longer be tested with the 1.4
+ * WicketTester
+ *
+ * try { tester.startPage(BlockedResourceLinkPage.class); fail("Accessing " +
+ * BlockedResourceLinkPage.class + " should have raised a " +
+ * PackageResourceBlockedException.class); } catch (PackageResourceBlockedException e) {
+ *
+ * }
+ */
tester.startPage(MockResourceLinkPage.class);
tester.clickLink("link");